I agree with both Alessandro and Robert's advice to just go ahead and install a reverse proxy. There are several issues with running https directly in Tomcat - one of them is that you either have to a) choose a port above 1024 for the HTTPS traffic and then use port redirection magic to move standard port 443 traffic to that port, or b) run Tomcat in such a way that it has the privileges to open port 443 itself. In the past, running Tomcat with privileges to operate on the standard HTTPS port (443) meant running it as root, which is a Bad Idea; however, there are some changes to at least Linux, maybe even some of the BSDs, recently, that allow you to set a capability for the Tomcat user to open privileged ports without having to elevate to root.
The thing is, the above are just the things you have to do to get Tomcat to even listen or process traffic on 443, and you haven't even set up the private key/certificate, yet. You're really better off just installing either Nginx or httpd and going that route.

-Nick

On Fri, Feb 16, 2024 at 6:06 AM Alessandro Sironi <[email protected]> wrote:

> Hi Andrea,
>
> it would be better to not expose directly Tomcat to internet, instead, you
> should use a reverse proxy such as NGINX or Apache and land there over
> HTTPS.
>
> Regards,
>
> Alessandro
> On 16/02/2024 11:47, Andrea Miconi wrote:
>
> I'm new to guacamole and now I can access the login page with HTTP.
>
> I want to access it with HTTPS instead, but I can't figure out what I
> should do.
> Reading online I found a suggestion to install Nginx as a reverse proxy,
> but I would like to avoid it.
>
> Shouldn't it be enough to activate https on Tomcat?
> How to do it?
>
>
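
A sketch of the reverse-proxy setup recommended in this thread, added here as an example and not posted by any of the participants. The hostname `guac.example.org`, the certificate paths, and Tomcat listening on `127.0.0.1:8080` with Guacamole deployed at `/guacamole/` are all assumptions to adapt.

```nginx
# Added example, not from the thread. Placeholders: guac.example.org,
# the certificate paths, and Tomcat on 127.0.0.1:8080 serving /guacamole/.

# Port 80 only redirects, so credentials never travel over plain HTTP.
server {
    listen 80;
    server_name guac.example.org;
    return 301 https://$host$request_uri;
}

# Nginx binds 443 from its master process and its workers run unprivileged,
# so Tomcat can stay on a high port under its own non-root account.
server {
    listen 443 ssl;
    server_name guac.example.org;

    # TLS terminates here; Tomcat needs no keystore or certificate.
    ssl_certificate     /etc/nginx/tls/guac.example.org.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/guac.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location /guacamole/ {
        # Tomcat's HTTP connector, assumed to be bound to loopback only
        # (address="127.0.0.1" on the <Connector> in server.xml) so that
        # port 8080 cannot be reached from the network directly.
        proxy_pass http://127.0.0.1:8080;

        # Guacamole streams the remote display; buffering adds latency.
        proxy_buffering off;

        # Required for the WebSocket tunnel to pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Let the backend see the original client address and scheme.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After `nginx -t` and a reload, `curl -I http://guac.example.org/guacamole/` should return a 301 pointing at the `https://` URL.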
